Menu
I want to decode the password from a System.Security.SecureString to a readable password.
$password = convertto-securestring "TestPassword" -asplaintext -force $credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain") This code part works fine, I can use the $credentials object. But later in my code I need the password in a readable format. Because a methode needs the password in readable string. So I must decode the password back.
How it is possible to decode the password from the $credentials object?
Update
Not working:
$password = convertto-securestring "TestPassword" -asplaintext -force $credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain") $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($credentials.password) $result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr) [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr) $result 
820
Converts a secure string to an encrypted standard string.
$cred = Get-Credential without asking for prompts in powershell - Microsoft Tech Community.
In PowerShell, there are a number of cmdlets that work with something called a secure string. When you create a saved credential object, the password is stored as a secure string.
As others have already answered, the contents of SecureString are encrypted using DPAPI, so the keys aren't stored in your application, they're part of the OS.
Here you go:
$password = ConvertTo-SecureString 'P@ssw0rd' -AsPlainText -Force $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($password) $result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr) [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr) $result P@ssw0rd
92
For a "System.Net.NetworkCredential" object, all you need to do is read the String password.
$password = convertto-securestring "TestPassword" -asplaintext -force $credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain") $credentials.Password TestPassword $credentials | gm TypeName: System.Net.NetworkCredential Name MemberType Definition ---- ---------- ---------- Equals Method bool Equals(System.Object obj) GetCredential Method System.Net.NetworkCredential GetCredential(uri uri, str GetHashCode Method int GetHashCode() GetType Method type GetType() ToString Method string ToString() Domain Property string Domain {get;set;} Password Property string Password {get;set;} SecurePassword Property securestring SecurePassword {get;set;} UserName Property string UserName {get;set;} If you end up with a PSCredential object, from an interactive command like Get-Credential use
$credentials=Get-Credential $credentials.GetNetworkCredential().UserName TestUsername $credentials.GetNetworkCredential().Domain TestDomain $credentials.GetNetworkCredential().Password TestPassword See http://blogs.technet.com/b/heyscriptingguy/archive/2013/03/26/decrypt-powershell-secure-string-password.aspx for details.
Note: I used PS 4 for this example.
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
